Privacy statement

Thank you for visiting our website. Complying with the provisions of data protection law is very important to us. The aim of this data protection statement is to inform you, as a user, about the scope and purpose of processing of personal data and your rights as a data subject under Art. 4(1) of the General Data Protection Regulation.

1. Responsible authority This website and range of services is operated by:

2. General provisions When developing the website, we designed it in a way that means as little data is collected from you as possible. In principle, it is possible to visit our website without entering any personal data. The processing of personal data will only be necessary if you decide to make use of specific services (e.g. using the contact form). We shall always make sure to only process your personal data in accordance with a legal basis or the consent you have given us. We shall comply with the rules set out in the General Data Protection Regulation (GDPR), which has been in effect since 25.5.2018, as well as any applicable provisions of national law.

3. Purpose of use and legal basis for processing personal data When we process your personal data, it is always linked to a specific purpose. In summary, we process your personal data for the following purposes: a) To be able to process your request when you contact us (e.g. e-mail addresses, first name, surname); b) to be able to send you an offer after receiving a quotation enquiry you (quotation form). c) To be able to implement the technical aspects of our website and to provide our information to you via the website (e.g. IP addresses, cookies, browser information). d) To be able to receive and process your application for one of our job offers. The specific purposes shall be set out in relation to the types of processing described here (e.g. contact forms, web analysis, ordering process). The following provisions shall provide the legal basis for processing your data: We shall process personal data that is required for establishing, implementing or processing our range of services (processing of contracts) under the legal basis provided by point b of Art. 6(1) of the GDPR. If we request your consent for the processing of your personal data, this consent shall constitute a legal basis for data processing under Art. 6(1)(a) of the GDPR. Data processing shall also be permitted if we process your data for the purpose of safeguarding our legitimate interests, provided that these are not outweighed by your interests or fundamental rights and freedoms in relation to the processing of personal data. Whenever we use third-party service providers to process data on our behalf, the data processing shall be carried out on the legal basis of Art. 28 of the GDPR.

4. Collected and processed personal data As part of our online services, we shall collect and process some of your personal data. Firstly, you can find out what data is actually processed by us is by referring to what you are required to submit when filling out forms on the website (e.g. contact forms or order forms). Secondly, we shall inform you of the data processed as part of each of the processing operations described here. In summary, we shall collect the following data from you and process it via our website:

We will only collect and process your data for the purposes set out in this data protection statement. Any use of your data that goes beyond the stated purpose will require your express consent. The same principle shall apply to the transfer or transmission of data to third-parties.

5. The collection of personal data when visiting our website When using the website for solely informational purposes, i.e. if you do not register or transmit information to us in any other way, we shall only collect the personal data that your browser transmits to our server. If you want to view our website, we will collect the following data, which are necessary for us due to technical reasons, so that our website can be displayed to you and to ensure stability and security (the relevant legal basis is point f of Art 6(1)(1) of the GDPR): • the IP address • the time and date of the query • the time zone difference relative to Greenwich Mean Time (GMT) • the content of the request (the specific page) • the access status/HTTP status code • the volume of data transmitted • the website the request has come from • the browser • the operating system and its interface • the language settings and version of the browser software. In addition to the data specified above, cookies will be stored on your computer when using our website. You can find further information on this under the heading of "cookies" within this data protection statement.

6. Integration of services from other service providers Our website uses content and services from other service providers. These include, for example, statistical analysis services as well as services for using and visiting our website. The user's IP address is transmitted to these third-party service providers so that this data can be accessed and displayed in the user's browser. Even though we strive to solely use third-party service providers which only require IP addresses to supply content or which even work solely with anonymised IP addresses, we have no say in how the IP addresses may potentially be saved. You can find information on the third-party service providers in the following sections of this data protection statement.

7. Cookies Information is collected and saved on our website using so-called "browser cookies". Cookies are small text files which are saved on your data storage medium and which save specific settings and data so it can be exchanged with our system via your browser. Generally speaking, a cookie contains the name of the domain the cookie files were sent from as well as information on the age of the cookie and an alphanumerical identifier. Cookies allow our systems to recognise the user's device and to make any default settings available immediately. As soon as a user accesses the platform, a cookie will be saved on their computer's hard drive. Cookies help us to improve our website and allow us to offer you a service that is even more tailored to your needs. You allow us to recognise your computer or (mobile) terminal device again when you return to our website. In turn, this allows us to: save information on your preferred activities on the website and in so doing, to orient our website towards your individual interests. speed up the processing of your query. We work together with third-party services, which help us to make our online services and website more interesting. As a result, cookies from these partner companies (third-party service providers) will also be saved on your hard drive when you visit our website. These cookies are automatically deleted after a given time. You can find a list of the cookies we use in the following table:

_ga

lehvoss.co.uk

Is used to identify the user

Two years

_gat

lehvoss.co.uk

Throttles the request rate on websit

Session

_gid

lehvoss.co.uk

Is used to distinguish between users

One day

If you do not wish to use browser cookies, you can adjust your browser settings to reject the storage of cookies. Please note that if you choose to do this, you may only be able to make limited use of our website, if you are able to use it at all. If you only wish to accept our cookies, but not those of our service providers and partners, you can choose the "block third party cookies" option in your browser. We do not accept any liability for the use of third-party cookies.

8. Contacting us (contact forms, quotation forms etc.) You can contact us via e-mail or using our contact form (or quotation form in the case of commercial clients). If you choose to do this, we shall save all of the personal data you have transferred so that we can process your request and get in contact with you for the purpose of dealing with your request. When we request information through our contact form, the compulsory fields that are necessary for getting in touch are marked accordingly (with asterisks). The optional fields help us to refine your query and process your request more effectively. The data requested shall be transferred by you to us on a purely voluntary basis. The legal basis for this processing shall depend on the type of query. For queries which are submitted by you as part of a pre-contractual measure, the basis shall be Art. 6(1)(b) of the GDPR. For other types of request, point f of Art. 6(1)(1) shall provide the legal basis. The legitimate interest shall stem from one of the purposes set out under point no. 3 a.). If personal data is requested that is not necessary for fulfilling the terms of a contract or for safeguarding legitimate interests, the transfer to us shall be carried out on the basis of consent provided by you under point a of Art. 6(1) of the GDPR.

9. Application process On our website we publish job offers that you can apply for via e-mail. If you choose to apply for a job opening, we shall only process the personal data that you submit in the process of doing this and which has been transmitted to us for the purpose of carrying out the application process. If your application is rejected, we shall delete your data as soon as a retention period of six months, as stipulated under employment law, has passed. The period shall be calculated from the point at which the rejection is sent. If you have given your express consent for the continued use of your data for the purpose of getting in touch in the future in relation to positions that you may find interesting, we will continue to retain your data in accordance with this consent. We will not pass on your personal data to any third parties outside the specific application process without having your express consent or a legal basis. In the application process, we do not require any information that is part of the so-called "special categories of personal data" to evaluate an application. This includes data revealing racial or ethnic origin (this also includes your photo), political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. We strongly recommend that you do not include any of the aforementioned data in the data you enter. If the data you have transmitted contains such information, we can only process your application if you provide us with your express consent to save information falling under these special categories of personal data. We would have to obtain this consent from you separately, which would lead to a delay in the application process. Please note that applications sent to us via e-mail are transferred without encryption. This creates the risk that those not entitled to access this data can intercept and use it.

10. Use of Google Analytics Our website uses functions of the web analytics service “Google Analytics”. The provider of this web analytics service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses “cookies”. Cookies are small text files that our website saves on your terminal device and which make it possible to perform an analysis of website use. Information generated by cookies regarding your usage of our website shall be transferred to a server belonging to Google and saved there. As a general rule, these servers are located in the USA. The use of Google Analytics cookies shall take place on the basis of point f of Art. 6(1) of the GDPR. As the operator of this website, we have a legitimate interest in the analysis of user behaviour so that we can optimise our online services and, where applicable, our advertising as well. We shall apply Google Analytics in conjunction with the IP anonymisation function. This ensures that Google compresses your IP address within the Member States of the European Union or the States party to the Agreement on the European Union before transmitting them to the USA. There may be exceptional circumstances under which Google transfers full IP addresses to a server in the USA and compresses them there. Google will use this information to analyse the use of our website on our behalf, allowing it to create reports on website activities and to provide us with other associated services relating to website use and Internet use. There will not be any collation of the IP addresses transmitted by Google Analytics with other data from Google. It is possible to prevent cookies being used on your web browser. However, this may limit some of the functions of our website. You can also prevent the collection of data in relation to your website usage including your IP address together with subsequent processing by Google. This can be done by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout. You can find detailed information on how Google Analytics handles your user data in Google's data protection statement: support.google.com/analytics/answer/6004245. We have concluded a contract with Google regarding processing on our behalf to fully comply with the legal provisions on data protection. Our website uses the "demographics" function of Google Analytics. This allows for reports containing statements on your age, gender and interests to be generated. This data comes from targeted advertising from Google as well as visitor data from third-party service providers. It is not possible to attribute the data to a specific person. You can deactivate this function at any time. You can do this through the display settings in your Google account or by rejecting cookies in general to stop the collection of data through Google Analytics, as set out in the point “rejecting data collection". Alternatively, you can prevent Google Analytics from collecting data by using so-called "opt-out cookies" (see below). If you erase the cookies in your browser, you must click this link again afterwards. You can find Google's data protection statement under the following link: policies.google.com/privacy/partners

11. Use of Google Tag Manager Our website uses Google Tag Manager. This service allows for website tags to be managed via an interface. The Google Tool Manager only uses tags. This means that: no cookies will be used and no personal data will be collected. Google Tool Manager triggers other tags, which, in turn, collect data if necessary. However, Google Tag Manger does not access this information. If the deactivation has taken place at a domain or cookie level, it shall continue to apply to all tracking tags as long as they have been implemented using Google Tag Manager. Deactivation at a domain or cookie level shall continue to apply to all tracking tags that are implemented using Google Tag Manager. You can find Google's data protection statement under the following link: policies.google.com/privacy/partners Google, as a company, is certified under the US-EU "Privacy Shield" data protection agreement. This data protection agreement should ensure that level of data security applicable in the EU is complied with.

12. Use of Google Maps Our website uses the mapping service "Google Maps" to integrate and display map content. The provider of this service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Your IP address will be collected when you access a page with an integrated map from Google Maps. As a general rule, this information will be transferred to a Google server in the USA and saved there. Google will find out your IP address even if you are not logged into a user account. If you are logged into a user account, Google can directly attribute your surfing patterns to your personal profile. You can prevent this by logging out beforehand. The provider of this website does not have any say in this transmission of data. The use of Google Maps is in the interest of producing a corresponding representation of our online offers and making the locations stated on the website easy to find. This constitutes a legitimate interest in accordance with point f of Art. 6(1) of the GDPR. You can find detailed information on how your user data is handled in Google's data protection statement: www.google.de/intl/de/policies/privacy/.

13. General information on social media presence We use our social media presence to present our company in the most effective way possible; communicate with you as a user, customer or interested party and inform you about the services we offer. You can find us on the following platforms and social networks • LinkedIn • XING The use of social networks involves data being processed outside the European Union (EU) and the European Economic Area (EEA). It is not possible to ensure a level of data protection equivalent to that which exists in the EU in every country. In this regard, it may create risks for you as a user if the data that is transmitted is processed in so-called "third-countries" without an appropriate level of data protection. This makes it difficult to implement recognised user rights. In addition, it may mean the third-country service provider may process your data in a way that is not in your interest. If service providers from the USA are certified under the so-called "Privacy shield agreement" - an agreement between the USA and the EU regarding data protection, these service providers shall be obliged to comply with EU data protection standards. As a general rule, the processing purposes of social networks differ from ours. This usually results in the data collected from you by social networks being processed for the purpose of market research, advertising and creation of user profiles for targeted advertising. To achieve this aim, cookies are used which record user behaviour, making it possible to profile the user. You can find a specific list of the purposes of processing user data in the data protection notice of the relevant service provider. By choosing certain settings for your user account, the profiling you are subject to can be reduced, at least to a certain extent. To find out about the exact approach taken, please read the data protection notice of the relevant service provider. LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Data protection statement: www.linkedin.com/legal/privacy-policy Opt-out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out Privacy Shield: www.privacyshield.gov/participant. Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) - data protection statement/opt-out: privacy.xing.com/de/datenschutzerklaerung.

14. Rights of the data subject You have the right:

to obtain access to personal data belonging to you, which is being processed by us, in accordance with Art. 15 of the GDPR. In particular, you can obtain access to information regarding the purposes of the processing, the category of the personal data, the categories of recipients to whom your personal data was or is being disclosed, the envisaged length of time the data will be stored, the existence of a right to request rectification, erasure, the limitation of the processing or to object to it, the source of your data (if it has not been collected by us), as well as the existence of automatic decision-making, including profiling and, meaningful information about the details of this, where applicable;

to obtain the rectification of inaccurate personal data belonging to you which, we have saved, under Art. 16 of the GDPR, without undue delay;

to obtain the erasure of the personal data belonging to you, which we have saved, under Art. 17 of the GDPR, provided that processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

to obtain the restriction of processing of your personal data under Art. 18 of the GDPR, if you are contesting the accuracy of the data, if the processing is unlawful, you do not wish for it to be erased and we no longer require it, but you need it for the establishment, exercise or defence of legal claims, or if you have objected to the processing in accordance with Art. 21 of the GDPR;

to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request that such data be transmitted to another data controller (data portability), in accordance with Art. 20 of the GDPR;

to withdraw the consent you previously gave us, at any time, under Art. 7(3) of the GDPR. This will mean that we are no longer able to continue data processing that was based on this consent and lodge a complaint with a supervisory authority under Art. 77 of the GDPR. As a general rule, you can contact our supervisory authority at your usual place of residence, your workplace or our registered office for this purpose.

Right to object If your personal data is processed on the basis of a legitimate interest under point f of Art. 6(1)(1) of the GDPR, you have the right to object to the processing of your personal data under Art. 21 of the GDPR, provided there are reasons that arise from your particular situation or if the objection is directed against direct advertising. In the latter case, you will have a general right to object, which will be implemented by us without specifying a particular situation. If you want to exercise your right of withdrawal or right to object, simply send an e-mail to datenschutz@lehvoss.de

15. Disclosure of your personal data The disclosure of your personal data shall take place as described below. The website is hosted by a third-party service provider in Germany. In this way, we ensure that data processing only takes place in Germany. This is necessary for operating the website, as well as the establishment, implementation and processing of the existing licence agreement, which can also be done without your consent. This means that there may also be disclosure if we are entitled or obliged to disclose data under statutory provisions and/or administrative or judicial orders. In particular, this may relate to the exchange of information for the purpose of law enforcement, safeguarding against threats or the protection of intellectual property rights. If the your data is passed on to the service provider in accordance with the appropriate amount, the service provider shall only have access to your personal data to the extent that this is necessary to fulfil its duties. Such service providers shall be obliged to process your personal data in accordance with the applicable data protection laws, and the GPDR in particular. Generally speaking, we will not transfer your data to third parties outside of the aforementioned circumstances without your consent. In particular, we will not pass any of your data on to any body in a third country or international organisation.

16. Data security Unfortunately, the transmission of information via the Internet is never 100% secure, meaning that we cannot ensure the security of the information transmitted to our website via the Internet. However, we make use of technical and organisational measures to prevent your data from being lost, destroyed, accessed, modified or disseminated by unauthorised persons. In particular, on our website, your personal data shall be encrypted when being transmitted. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) for this purpose. Our security measures are subject to continuous improvements in accordance with technological developments.

17. Storage period for personal data When it comes to the storage period, we erase personal data as soon as it is no longer necessary to store it in order to fulfil the original purpose and there are no longer any existing statutory retention periods in effect. Ultimately, statutory retention periods determine the final duration of the storage period for personal data. After this period has come to an end, the corresponding data is routinely erased. If there are applicable retention periods, processing is restricted by blocking the data.

18. References and links When accessing websites that our website refers you to, you may be asked for information such as your name, address, e-mail address, browser features, etc. This data protection statement does not cover the collection, disclosure or handling of personal data by third-parties. Third-party service providers may have differing provisions or provisions of their own in relation to the collection and use of personal data. It is therefore recommended that you inform yourself about the practices of third-party websites in relation to the handling of personal data before entering such personal data.

19. Amendment of the data protection statement We are continuously developing our website so we can provide you with a service that is constantly improving. We will always keep this data protection notice up to date and adapt it accordingly if and when necessary. We will of course inform you of any potential amendments to this data protection notice in a timely manner. For example, we may do this by sending an e-mail to the e-mail address you provided us with. If it so happens that we require further consent from you in order to handle your data, we will naturally seek this consent from you before the corresponding amendments come into effect.